Online fraudsters may be ready to put Mac users in their sights. On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a users account without requiring administrator rights.
We wont disclose the exact technique used here - its a feature not a bug - but lets just say that installing a System Library shouldnt be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires copy permissions."
Vulnerability researchers have increasingly focused on finding flaws in the Mac OS. During the month of November, two serious flaws in Apples operating system were disclosed as part of the Month of Kernel Bugs (MoKB) project. The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.
News source: SecurityFocus